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DETAILED ACTION 

1 . The amendment received on 2/26/08 has been entered. 

Response to Amendment 

2. Applicant's arguments have been carefully considered. 

In light of applicant amendment the previously presented objections are withdrawn. 

3. Applicant's arguments are directed towards the limitations of previously presented in 
claims 2 (currently included in the set of the independent claims). Specifically, 
applicant argues that Brownell does not teach "determining whether the firmware 
update application has access to a predetermined encryption key utilized by the 
computer system ". The most relevant support of applicant's allegation is found on 
pg. 10 of the Remarks: 

"Brownell, at best, teaches that in order to verify the signature of a certificate 122, authorization verifier 147B uses a 
certificate authority public key 141 B, which is widely and publicly distributed within the system of intended use such that 
application 102 and components 104A-B all have access to a copy of this public key. (Brownell, col. 7). That is, in 
Brownell, the verifier uses a public key that is accessible by all applications and components in order to verify a certificate. 
This is in direct contrast to the system and methods of the present invention, in which a determination is made as to 
whether the encryption key that the firmware update application has access to is, indeed, the same (private) key that the 
computer system (such as the BIOS) has access to. Unlike in Brownell, it is not always the case that the key will be the 
same between the BIOS and the firmware update application, and thus, verifying that the firmware update application has 
access to this same key as the computer system provides verifying information." 

The examiner does not find the argument and the support persuasive. 
In response to applicant's argument that the references fail to show certain features 
of applicant's invention, it is noted that the features upon which applicant relies (i.e. 
"Unlike in Brownell, it is not always the case that the key will be the same between 
the BIOS and the firmware update application, and thus, verifying that the firmware 
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update application has access to this same key as the computer system provides 
verifying information") are not recited in the rejected claim(s). Although the claims 
are interpreted in light of the specification, limitations from the specification are not 
read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. 
Cir. 1993). The claim language does not prevent a key to be accessible by all 
applications and components. Similarly, the claim language is silent regarding the 
requirement of the key between the BIOS and the firmware update application being 
the same or not the same. The claim limitation at best requires the key to be a 
predetermined key (any key used in verification process reads on a predetermined 
key). 

4. Claims 1, 3-9, 11-17, 19-21 have been examined. 

The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior Office action. 

Claim Rejections - 35 USC § 103 

5. Claims 1, 3, 5, 8-9, 11-12, 14 and 16-17, 19-21 are rejected under 35 U.S.C. 103(a) 
as unpatentable over Applicant Admitted Prior Art (AAPA) in view of Brownell (USPN 
6965994) and further in view of Freeman (USPUB 20040006700). 

As per claims 1 and 16, AAPA discloses saving a firmware update application and 
firmware, restarting the computer system, causing the computer system to recognize 
that a firmware update is available, locating the firmware update application and the 
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firmware, and initiating the firmware update application (the specification, pg. 2 lines 
15-23). 

6. AAPA does not explicitly disclose saving the firmware update application to the 
computer system. However, saving the firmware update application to the computer 
system, if not inherent, would have been at least implicit. In order to save data into a 
diskette, as shown by AAPA, the diskette must be placed into a computer system. 
(This concept of saving data into a diskette that is a part of the computer system is 
old and well-known as illustrated by Abit.) Furthermore, in order for a computer 
system to be able to run a computer application (or any computer code) the 
application must be saved (stored at least temporary) in Random Access Memory of 
the computer system. 

7. AAPA does not disclose verifying that the firmware update application has the 
authority to perform activity (e.g. to perform the firmware update). 

Brownell (USPN 6965994) discloses verifying an application authorization to perform 
particular activity (Brownell, col. 2 lines 23-33). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to verify that the firmware 
update application has the authority to perform activity (such as to perform the 
firmware update). One of ordinary skill in the art would have been motivated to 
perform such a modification in order to significantly enhance security. 

8. The authorization of the application disclosed by Brownell includes encrypting and 
decrypting validation data associated with the application (corresponding to the 
firmware update application) and the associated module (the firmware, see. Col. 5 
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line 1- line 6 line 35. However, note that col. 7-8 further discusses the 
encrypting/decrypting of validation data). 

Furthermore, Brownell discloses that the step of determining whether the application 
has access to a predetermined encryption key utilized by the computer system (e.g. 
Brownell, col. 6 lines 41-48, for example). 

9. As per claims 3 and 10-11, Brownell discloses encrypting a token with a 
predetermine encryption key, the result being a first encrypted token, providing the 
uncrypted token to the application, encrypting the token at the application, the result 
being a second encrypted token, comparing the first encrypted token and the second 
encrypted token, and allowing the application to run if the first encrypted token 
matches the second encrypted token (e.g. col. 8 line 41 - col. 10 line 10). 

10. The limitations of claims 5, 14 and 17 are implicit. Computer programs that verify 
particular conditions (e.g. whether a program is authorized) act based on a found 
result (e.g. was the condition met? This is frequently done by using Boolean 
operators (True/False), see Wikipedia for example). The result reads on a flag. 

1 1 .As per claims 8 and 20, using the firmware update application that is DOS-based 
application is an obvious variation that is well known in the art (e.g. Abit). One would 
have been motivated to use DOS-based firmware update applications especially in 
light of the benefits of these firmware updates as evidenced by their commercial 
success. 

1 2. As per claim 9 and 21 , AAPA in view Brownell does not disclose verifying that the 
user is authorized to update the target device. 
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However, verifying that a user is authorized to conduct any updates on a particular 
device (e.g. firmware updates) is old and well-known in the art of computer security. 
(Typical systems (e.g. computers running Windows based OS) utilize access 
controls on their files systems and access to particular files (e.g. configuration files) 
is restricted to only special groups (e.g. administrator). When an access to a file 
(e.g. write/change) is requested the system verifies that the user has sufficient 
privileges to perform action on this file. Note, that in addition to file permissions, 
Windows OS also utilizes users rights that also restrict users to only a particular set 
of activities. For more information see Windows NT or Windows 2000). It would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to include authorization of a user. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to ensure the computer 
system security and integrity. 

13. As per claim 12, verifying a user provided password is the primary mechanism of the 
user authentication in computer systems, such as previously discussed Windows OS 
(see Windows, "The Log-On Process"). 

14. As per claim 19, the examiner considers a password, which is associated with the 
user verified to be authorized to implement updates, to read on an administrative 
password. 

15. Claim 4 is rejected under 35 U.S.C. 103(a) as unpatentable over Applicant Admitted 
Prior Art (AAPA) in view of Brownell (USPN 6965994) and further in view of 
Freeman (USPUB 20040006700). 
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AAPA in view of Brownell discloses performing a firmware update comprising 
verifying that the firmware update application has the authority to perform the 
firmware update by determining whether the firmware update application has access 
to a predetermined encryption key. 
16. AAPA in view of Brownell do not disclose that the predetermined encryption key is 
maintained by the BIOS of the computer system. 

Freeman discloses a predetermined encryption key maintained a BIOS of a 
computer system that is used in verify authority of an application (instructions 
executed to initiate system attribute modification for the computer system, [0021- 
0026]). It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to include Freeman's invention to maintain the predetermined 
encryption key, used in verifying authority of the application, in a BIOS of a computer 
system. One of ordinary skill in the art would have been motivated to perform such a 
modification in order to ensure that the application's authenticity. 

Conclusion 

Claims 6-7, 13 and 15 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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